The present disclosure relates to methods, systems and computer program products for a container independent secure file system for security application containers.
Operating-system-level virtualization (also known as containers, software containers, virtualization engines, virtual private servers, or the like) is a server-virtualization method where the kernel of an operating system allows for multiple isolated user-space instances, instead of just one. Each isolated user-space instance may look and feel like a real server from the point of view of its owners and users.
Applications or container systems may be used for the deployment of applications inside software containers, by providing an additional layer of abstraction and automation of operating-system-level virtualization. Some applications may use the resource isolation features of the kernel such as cgroups and kernel namespaces, and a union-capable filesystem such as aufs and others to allow independent “containers” to run within a single instance, avoiding the overhead of starting and maintaining virtual machines.
However, such container systems suffer from a lack of security. In particular, the contents of the containers may be visible in the host file system to the system administrator or a root user. Security applications need to protect customer data, such as cryptographic keys, from any user who is not specifically granted access in the security application.